Privacy Policy
1. Introduction
At Elbo Room (accessible via elboroomsf.com), we are committed to preserving the privacy and security of your personal information. We respect your right to data protection and have implemented comprehensive measures to ensure that your personal data is collected, processed, stored, and shared in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy outlines our practices regarding the information we collect, how we use it, and the rights you have in relation to your personal data.
2. Scope of this Policy and Data Controller Role
This Privacy Policy applies to all visitors, users, and others who access elboroomsf.com or communicate with us through associated channels. Elbo Room is the data controller responsible for the processing of personal information pursuant to this policy. Any inquiries regarding personal data should be directed to [email protected].
By using our website or providing us your information, you acknowledge the practices described in this Privacy Policy.
3. Categories of Personal Data We Process
We may collect and process various types of personal data depending on your interactions with elboroomsf.com:
a. Usage Data
Information on how you access and use the website including IP address, browser type, operating system, referral URLs, session timestamps, and interaction data.
b. Account Data
Information that you provide by creating an account or making a reservation or order, including your full name, billing and shipping address, email address, phone number, and account credentials.
c. Profile Data
Details such as event preferences, past purchases, and behavioral habits (e.g., frequency of visits, order history).
d. Communication Data
Records of correspondence and interactions with us, including emails, support inquiries, contact form submissions, and other direct communications.
e. Technical Data
Information gathered from the devices you use to access our sites, including device identifiers, system configuration, screen resolution, and language settings.
f. Transaction Data
Details regarding purchases, including payment method (processed through secure third parties), transactional timestamps, order quantities, and delivery details.
g. Preference Data
Marketing and communication preferences, opt-ins to promotional materials, and product or content interests based on explicit consent or site behavior.
4. Legal Bases for Processing Personal Data
We collect and process your personal data based on the following legal grounds:
– Consent: Where you have given explicit permission for us to process your data (e.g., subscribing to a newsletter).
– Contractual Necessity: To fulfill obligations under a contract with you, such as processing a reservation or order.
– Legal Obligation: When required by applicable laws or regulations.
– Legitimate Interests: Where the processing is necessary for our legitimate interests, provided that such interests are not overridden by your rights and interests; for example, security monitoring, fraud prevention, or analytics to improve performance.
5. Your Rights
As a data subject, you have the following rights, subject to applicable law and verification of identity:
– Right of Access: To know what personal data we hold about you.
– Right to Rectification: To request correction of inaccurate or incomplete data.
– Right to Erasure: To request deletion of your personal data (“right to be forgotten”) under certain conditions.
– Right to Restrict Processing: To limit the way we use your data in specific circumstances.
– Right to Data Portability: To receive a copy of your data in a structured, commonly used format and transmit that data to another controller.
– Right to Object: To object to certain types of processing, including direct marketing or profiling based on legitimate interest.
To exercise any of these rights, contact us at [email protected].
6. Security Measures
We have implemented rigorous technical and organizational safeguards to protect your data against unauthorized access, disclosure, alteration, or destruction. These include:
– Industry-standard encryption of data in transit and at rest.
– Access controls restricted to authorized personnel.
– Regular data backups and secure storage architectures.
– Staff training on data protection and privacy obligations.
– Monitoring systems to detect intrusions and anomalous behavior.
7. International Transfers
If your data is transferred outside of the country in which it is collected, such transfers are conducted under lawful mechanisms such as Standard Contractual Clauses approved by the European Commission, or equivalent safeguards under applicable privacy laws. Where required, we verify that each recipient jurisdiction maintains adequate levels of data protection.
8. Data Retention
We retain your personal data only for as long as is necessary for the purposes for which it was collected, or as required under applicable laws. Tentative retention periods include:
– Usage and Technical Data: up to 12 months.
– Account and Transaction Data: up to 7 years to comply with financial and recordkeeping obligations.
– Communication Data: up to 24 months for customer support histories.
– Preference Data and Marketing Consents: retained until consent is withdrawn or 24 months, whichever is earlier.
All data is securely destroyed or anonymized once the retention period concludes.
9. Cookie Policy
Our website uses cookies and similar technologies to enhance user experience, analyze site performance, and deliver relevant advertising. The categories of cookies we deploy include:
– Essential Cookies: Required for website functionality and security.
– Functional Cookies: Preserve user preferences and ensure consistent service features.
– Analytics Cookies: Measure website traffic, identify behavior patterns, and optimize performance.
– Performance Cookies: Improve site speed and user responsiveness.
10. Cookie Management and Compliance
Upon your first visit to elboroomsf.com, you will be presented with a cookie banner that allows you to manage your preferences. You may change or withdraw your consent at any time via our Cookie Settings tool or by adjusting your browser settings.
We comply with applicable GDPR and CCPA cookie consent and disclosure requirements. Opt-out mechanisms for non-essential cookies are honored where legally required.
11. Children’s Privacy
We do not knowingly collect, process, or solicit personal data from individuals under the age of 13. If we learn that we have unintentionally collected personal information from a child without verified parental consent, we will promptly delete such data. If you believe a child has provided us with personal data, please contact us at [email protected].
12. Updates to this Privacy Policy
We reserve the right to revise this Privacy Policy from time to time in order to reflect changes in our practices or regulatory requirements. Where material changes occur, we will provide prominent notice on elboroomsf.com or reach out via the contact information you have provided. Continued use of our website following an update signifies your acceptance of the revised terms.
13. Contacting Us
If you have any questions regarding this Privacy Policy, your personal data, or wish to exercise your legal rights, please reach out to us at:
Email: [email protected]
Website: https://elboroomsf.com
We are committed to protecting your privacy and adhering to applicable data protection laws. Please do not hesitate to contact us for further information or assistance related to your personal data.
